SOLUTION: Http to https Owa redirection via ISA 2006 is not working with error FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED


Http to https Owa redirection via ISA 2006  is not working with error  FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED


You configured http to https redirection for OWA (that is user connects to will be redirected to But OWA page is not displayed and no error in browser, it just waits. If you start logging in ISA 2006 Server monitoring, you see the error in the log about the connection from the client IP:


0xC0040037      A connection was rejected because the maximum connections rate for a single client host was exceeded.


/* is entered in Path tab in http to https redirection rule. You defined a rule with following:

If user connects to rules denies the connection and redirect http request to web page And  OWA publishing allow rule below the redirection rule applies to public name and owa page is displayed.




So that you hope that user  does not need to write https at beginning of address and /owa at the end. But since /* was entered and on path tab in Internal Path field, the  redirected request to, will be redirected again to and loop occurs. Because of * character, redirection rule applies again an again.

As a result ISA drops the connections because those connections turn to an attack and maximum connections rate for a single client host is exceeded.

And off course you should have OWA Publishing rule for which applies when  the connection is redirected to Owa Publishing rule configuration is out of scope of this blog.


Use / not  /* in http to https redirection rule. Connection to hits the redirection rule first and redirected connection to  hits to Owa publishing rule that should be placed under redirection rule.


More Information:

In order for http to https redirection rule work in this method, port 80 must be open from internet to ISA Server. First connection request to should hit the redirection rule via 80 then the connection will be redirected to and hit owa publishing rule for  public name

To understand the messages in ISA log see:

ISA Server 2006 Logging Fields and Values

Gallery | This entry was posted in Exchange Server, ISA Server and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s